UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The z/OS Default profiles must not be defined in TSS OMVS UNIX security parameters for classified systems.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7000 ZUSST050 SV-7303r3_rule Medium
Description
TSS UNIQUSER control option will automatically assign a UID to any user who logs on to OMVS without an OMVS segment. Parameter settings in the TSS impact the security level of z/OS UNIX. In classified systems user access will not be determined by default.
STIG Date
z/OS TSS STIG 2017-06-26

Details

Check Text ( C-3701r2_chk )
If the system in not classified this is not applicable.

From a command line issue the following command:
Note: One must have appropriate access to perform this command (have the site security officer to issue command).

TSS MODIFY STATUS

Examine the following options:
UNIQUSER

Alternately:
Refer to the following report produced by the TSS Data Collection:

- TSSCMDS.RPT(STATUS)
- System Classification

Automated Analysis requiring Additional Analysis:
Refer to the following report produced by the TSS Data Collection:

- PDI(ZUSST050)

If system is classified and UNIQUSER is off i.e., (UNIQUSER(OFF) there is no finding.
Fix Text (F-81943r1_fix)
Ensure that Use of the OMVS default UIDs will not be allowed on any classified system.

Set Control Option UNIQUSER off.